Dai Davis, head of the IT Group at law firm Nabarro Nathanson,
said: "The Act will make this relatively little known but
potentially extensive use of personal data through cookie
technology illegal, unless it is made transparent to data subjects
what information has been collected and how it is likely to be
used."

Davis said the change in the laws will place European businesses
at a competitive disadvantage to countries operating from outside
Europe, which do not have to comply with the new legislation, such
as the US where "data protection is anathema".

"This is another case of the European Commission shooting
European companies in the foot and one which is potentially highly
damaging," said Davis.

James Roper, chief executive of industry body the Interactive
Media Retail Group, said the legislation will damage UK
ecommerce.

"It will put us at a disadvantage to the US," he said. "The
serious companies that we urgently need to engage in ecommerce
cannot break the law, so they will try to do it properly at a great
cost or management burden which could prevent them from making
steps into ecommerce.

"Demanding transparent use of cookies is like forcing Ford to
state how its carburettor works each time it sells a car. The
customer does not need to know."

Transparent use of cookies, however, has its supporters. Helena
Sims, the Data Protection Registrar's compliance manager, said the
1998 Act is no different to the 1984 Act in the respect that
"individuals should know who is collecting information about them,
for what purpose and any disclosures".

"There is a transitional provision in the 1998 Act for companies
that have had a site using cookies to monitor use of the internet
before 24 October 1998. They will have until 24 October 2001 to
comply."

Keith Mitchell, chairman of Internet hub the London Internet
Exchange, said: "Privacy protection in the US is inadequate. There
has been abusive cookie use and transparent use of cookies will
promote users confidence in ecommerce."